Is there a way to install the PyOpenSSL site-package onto a ConnectPortX gateway? I’ve been wracking my brain on how to implement a version of the following XML-RPC secure server that uses pyopenssl:
If anyone has any input on how to accomplish this, or if there is another method to implement the above script with another form of SSL (examples would help) I would greatly appreciate it!!!
Unfortunately, the PyOpenSSL module requires a built-in component in the system that is coded and linked in from C language source files. That is not possible with the Digi system. Extension modules must be written solely in Python.
ok I was afraid that was the case. Thanks for filling me in on that. I’ll have to try to implement SSL in some other way (anybody have a suggestion?).
can use socket.ssl to create a ssl socket. Can use the fakesocket and such that is used other places in the standard python library to make this trivial.
ssl = socket.ssl(conn, self.key_file, self.cert_file)
conn = httplib.FakeSocket(conn, ssl) # here is your ssl socket
if httplib is not already in your python.zip may have to add it yourself (and any dependancy modules) from a python24 installation. Or you can always just look how it is implemented there and pull just what is needed into your application.
Thanks for your reply clohfink. I tried this method before but was unsuccessful because Digi does not provide verification. This is the error that is thrown when I try to implement your example above:
socket.sslerror: Verification not supported on Digi products
Any thoughts on a solution for implementing a secure socket on digi connectportX gateways??
does this not work for you?
>>> import socket
>>> s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
>>> s.connect(('184.108.40.206', 443)) # developer.idigi.com... may want to use the dns
>>> ssl_sock = socket.ssl(s)
>>> ssl_sock.write("""GET /login.do HTTP/1.0
>>> data = ssl_sock.read()
>>> del ssl_sock
>>> print data
HTTP/1.1 200 OK
what firmware/python version are you using?
This code works just fine for me, but I need to run a secure socket server not a client on my connectportx gateway. From my understanding of the “socket.ssl” method, that is reserved for client side only.
The only way that I am aware of creating an SSL socket server with python 2.4 is by using third party site-packages like PyOpenSSL or M2Crypto that wrap sockets with OpenSSL, but unfortunately these packages are not “installable” on digi gateways because they are written mostly in C, not pure Python as DigiGuy42 pointed out above.
Is there any other ways to create an SSL socket server on a Digi ConnectPortX gateway???
[i]Gateway firmware: 220.127.116.11 (Version 82001536_E 03/31/2009)
Python version: 2.4.3 (I think this is currently the standard version on all Digi Gateways)[/i]
ah I see. Have you tried looking at TLS lite? it is a pure python implementation:
I am unsure the amount of poking required to get it to work correctly however. Python 2.6 does have an ssl package that can do this but Digi has yet to release it (I am not aware of a time line).
Thanks clohfink for your continuing help with this.
I’ve been trying to get tlslite working on the digi gateway but I am not having much luck. When I first loaded tlslite onto the gateway and attempted to import it, it let me know what python files were missing that Digi must have stripped out, so I added them accordingly. Now I can successfully import it like this:
>>> import sys
>>> import tlslite
HOWEVER, if I try to import certain modules (that I need to use) that are deeper in the package I get an error:
>>> import sys
>>> import tlslite.api
Traceback (most recent call last):
File "", line 1, in ?
File "WEB/python/tlslite.zip/tlslite/api.py", line 52, in ?
File "WEB/python/tlslite.zip/tlslite/SharedKeyDB.py", line 7, in ?
File "WEB/python/tlslite.zip/tlslite/BaseDB.py", line 3, in ?
File "WEB/python/tlslite.zip/anydbm.py", line 62, in ?
ImportError: no dbm clone found; tried ['dbhash', 'gdbm', 'dbm', 'dumbdbm']
Any thoughts on how to get tlslite working on the gateway? I noticed that tlslite has two files (tls.py and tlsdb.py) that are outside of the package directory in the tar file that I believe are supposed to be loaded into the “Scripts” folder in the Python “Tools” folder (on my windows machine this would be C:\Python24\Tools\Scripts) upon install. So this may or may not be my problem, but I havent the slightest clue on how to install these files on the gateway.
Bottom line is I just simply need to run a secure XML-RPC server on the ConnectPortX Gateway. Any further help would be greatly appreciated…
try copying dumbdbm.py from your python2.4 installation to your gateway.
Also a suggestion to save yourself some trouble is to modify the tlslite.api module and remove some of the imports that you will not use (ie pop3, asyncore, https etc)
clohfink, that did it!! Thanks for all of your help on this I really appreciate it, and hopefully someone else might benefit from this post as well.
Copying dumbdbm.py to the system path got tlslite working. I also removed modules I didn’t need like the pop3, smtp, imap, and asyncore as you suggested.
Everything is working great finally. I am now running a secure xml-rpc server on the gateway with tlslite. Thanks alot!
This would make an interesting Wiki page if you want to join and document.
I’ve used TLSLite for 6 years on a PC for Python scripts to test Modbus via SSL (all normal Digi terminal/device server products support SSL on ports 2601 etc).
Any estimate of how large was the ZIP for TLSLite? Did you just ZIP all of the PY files in the tlslite sub-directory?
lynnl, thanks for the suggestion. I went ahead and started a wiki page.
My installation of tlslite came out at 337KB (unzipped). Yes, I zipped up the tlslite subdirectory, but removed modules that I didn’t need first.
Some notes others may find helpful:
When the tutorial says: “Zip up the contents of your tlslite root directory into a file (tlslite.zip).”
You should end up with a zip file containing a tlslite folder with files in it, not a zip folder containing files at the root level. So it should say “Zip the tslite root directory…”
The path appended to sys.path appears to be incorrect.
‘Python’ should be ‘python’ with a lower case ‘p’.
The correct call is sys.path.append(“WEB/python/tlslite.zip”)
I needed to add most of the dependencies to the WEB/python directory rather than put them in the tlslite.zip. I added the entire xml folder as a zip and imported it as well since.
The ‘dumbdbm.py’ error was resolved by adding dumbdbm.py to the ‘WEB/python’ (gateway root) folder along with UserDict.py (failed without changing the error before adding UserDict)